X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=config%2FConfig-build.in;h=ac1e05d2ff497c30287d70cd023de8a9ce085137;hb=f3cb1636abeaba5a753d70592d05541ad929daeb;hp=f9987fcd2bb7118b5f1bb90e9d734293a2a729d0;hpb=589621b1c03c25e6436d30aaa508aef2484244a6;p=oweals%2Fopenwrt.git

diff --git a/config/Config-build.in b/config/Config-build.in
index f9987fcd2b..ac1e05d2ff 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -7,6 +7,14 @@
 
 menu "Global build settings"
 
+	config JSON_OVERVIEW_IMAGE_INFO
+		bool "Create JSON info file overview per target"
+		default BUILDBOT
+		help
+		  Create a JSON info file called profiles.json in the target
+		  directory containing machine readable list of built profiles
+		  and resulting images.
+
 	config ALL_NONSHARED
 		bool "Select all target specific packages by default"
 		select ALL_KMODS
@@ -34,14 +42,27 @@ menu "Global build settings"
 		bool "Cryptographically signed package lists"
 		default y
 
+	config SIGNATURE_CHECK
+		bool "Enable signature checking in opkg"
+		default SIGNED_PACKAGES
+
 	comment "General build options"
 
+	config TESTING_KERNEL
+		bool "Use the testing kernel version"
+		depends on HAS_TESTING_KERNEL
+		default n
+		help
+		  If the target supports a newer kernel version than the default,
+		  you can use this config option to enable it
+
+
 	config DISPLAY_SUPPORT
 		bool "Show packages that require graphics support (local or remote)"
 		default n
 
 	config BUILD_PATENTED
-		default y
+		default n
 		bool "Compile with support for patented functionality"
 		help
 		  When this option is disabled, software which provides patented functionality
@@ -68,11 +89,19 @@ menu "Global build settings"
 		  This removes all ipkg/opkg status data files from the target directory
 		  before building the root filesystem.
 
+	config IPK_FILES_CHECKSUMS
+		bool
+		prompt "Record files checksums in package metadata"
+		default n
+		help
+		  This makes file checksums part of package metadata. It increases size
+		  but provides you with pkg_check command to check for flash coruptions.
+
 	config INCLUDE_CONFIG
 		bool "Include build configuration in firmware" if DEVEL
 		default n
 		help
-		  If enabled, config.seed will be stored in /etc/build.config of firmware.
+		  If enabled, buildinfo files will be stored in /etc/build.* of firmware.
 
 	config COLLECT_KERNEL_DEBUG
 		bool
@@ -169,6 +198,10 @@ menu "Global build settings"
 		config USE_UCLIBCXX
 			bool "uClibc++"
 
+		config USE_LIBCXX
+			bool "libc++"
+			depends on !USE_UCLIBC
+
 		config USE_LIBSTDCXX
 			bool "libstdc++"
 	endchoice
@@ -184,9 +217,38 @@ menu "Global build settings"
 		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package
 		  Makefile.
 
+	choice
+		prompt "User space ASLR PIE compilation"
+		default PKG_ASLR_PIE_NONE if ((SMALL_FLASH || LOW_MEMORY_FOOTPRINT) && !SDK)
+		default PKG_ASLR_PIE_REGULAR
+		help
+		  Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS.
+		  This enables package build as Position Independent Executables (PIE)
+		  to protect against "return-to-text" attacks. This belongs to the
+		  feature of Address Space Layout Randomisation (ASLR), which is
+		  implemented by the kernel and the ELF loader by randomising the
+		  location of memory allocations. This makes memory addresses harder
+		  to predict when an attacker is attempting a memory-corruption exploit.
+		  You can disable this per package by adding PKG_ASLR_PIE:=0 in the package
+		  Makefile.
+		  Be ware that ASLR increases the binary size.
+		config PKG_ASLR_PIE_NONE
+			bool "None"
+			help
+			  PIE is deactivated for all applications
+		config PKG_ASLR_PIE_REGULAR
+			bool "Regular"
+			help
+			  PIE is activated for some binaries, mostly network exposed applications
+		config PKG_ASLR_PIE_ALL
+			bool "All"
+			select BUSYBOX_DEFAULT_PIE
+			help
+			  PIE is activated for all applications
+	endchoice
+
 	choice
 		prompt "User space Stack-Smashing Protection"
-		depends on USE_MUSL
 		default PKG_CC_STACKPROTECTOR_REGULAR
 		help
 		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
@@ -194,19 +256,15 @@ menu "Global build settings"
 			bool "None"
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
-			select SSP_SUPPORT if !USE_MUSL
 			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
-			select SSP_SUPPORT if !USE_MUSL
-			depends on !GCC_VERSION_4_8
 			depends on KERNEL_CC_STACKPROTECTOR_STRONG
 	endchoice
 
 	choice
 		prompt "Kernel space Stack-Smashing Protection"
 		default KERNEL_CC_STACKPROTECTOR_REGULAR
-		depends on USE_MUSL || !(x86_64 || i386)
 		help
 		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
 		config KERNEL_CC_STACKPROTECTOR_NONE
@@ -214,10 +272,17 @@ menu "Global build settings"
 		config KERNEL_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
 		config KERNEL_CC_STACKPROTECTOR_STRONG
-			depends on !GCC_VERSION_4_8
 			bool "Strong"
 	endchoice
 
+	config  KERNEL_STACKPROTECTOR
+		bool
+		default KERNEL_CC_STACKPROTECTOR_REGULAR || KERNEL_CC_STACKPROTECTOR_STRONG
+
+	config  KERNEL_STACKPROTECTOR_STRONG
+		bool
+		default KERNEL_CC_STACKPROTECTOR_STRONG
+
 	choice
 		prompt "Enable buffer-overflows detection (FORTIFY_SOURCE)"
 		default PKG_FORTIFY_SOURCE_1